HOME   Cart(0)   Quotation   About-Us Policy PDFs Standard-List
www.ChineseStandard.net Database: 189759 (19 Oct 2025)

GB/T 20988-2025 English PDF

US$1229.00 · In stock
Delivery: <= 7 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 20988-2025: Cybersecurity technology - Disaster recovery specifications for information systems
Status: Valid

GB/T 20988: Evolution and historical versions

Standard IDContents [version]USDSTEP2[PDF] delivered inStandard Title (Description)StatusPDF
GB/T 20988-2025English1229 Add to Cart 7 days [Need to translate] Cybersecurity technology - Disaster recovery specifications for information systems Valid GB/T 20988-2025
GB/T 20988-2007English150 Add to Cart 0--9 seconds. Auto-delivery Information security technology - Disaster recovery specifications for information systems Valid GB/T 20988-2007

PDF similar to GB/T 20988-2025


Standard similar to GB/T 20988-2025

GB/T 20984   GB/T 21028   GB/T 20520   GB/T 20985.2   

Basic data

Standard ID GB/T 20988-2025 (GB/T20988-2025)
Description (Translated English) Cybersecurity technology - Disaster recovery specifications for information systems
Sector / Industry National Standard (Recommended)
Classification of Chinese Standard L80
Classification of International Standard 35.030
Word Count Estimation 61,677
Date of Issue 2025-06-30
Date of Implementation 2026-01-01
Older Standard (superseded by this standard) GB/T 20988-2007, GB/T 30285-2013
Issuing agency(ies) State Administration for Market Regulation, China National Standardization Administration

GB/T 20988-2025: Cybersecurity technology - Disaster recovery specifications for information systems


---This is an excerpt. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.), auto-downloaded/delivered in 9 seconds, can be purchased online: https://www.ChineseStandard.net/PDF.aspx/GBT20988-2025
ICS 35.030 CCSL80 National Standard of the People's Republic of China Replaces GB/T 20988-2007, GB/T 30285-2013 Network security technology information system disaster recovery specification Released on June 30, 2025 Implementation on January 1, 2026 State Administration for Market Regulation The National Standardization Administration issued

Table of Contents

Preface III 1 Scope 1 2 Normative references 1 3 Terms and Definitions 1 4 Disaster Recovery Overview 3 4.1 Disaster Recovery Objectives 3 4.2 Disaster Recovery Lifecycle and Scope of Work 3 5 Disaster Recovery Organizational Structure 4 5.1 Establishment of Organizational Structure 4 5.2 Organizational structure and responsibilities 4 6 Disaster Recovery Planning and Design 5 6.1 Determining Disaster Recovery Requirements 5 6.2 Development of Disaster Recovery Strategy 5 6.3 Disaster Recovery Technology Solution Design 7 6.4 Disaster Recovery Center Location and Level 9 6.5 Verification and Validation of Disaster Recovery Technology Solutions 9 7 Disaster Recovery System and Center Construction 9 7.1 Disaster Recovery System Construction 9 7.2 Disaster Recovery Center Construction 11 8 Disaster Recovery System Operation Management 12 8.1 Disaster Recovery Plan Development and Management 12 8.2 Disaster Recovery System Operation and Maintenance 13 8.3 Emergency Response and Disaster Takeover 15 8.4 Rebuilding and Rollback 16 8.5 Disaster Recovery Audit 16 9 Test and Evaluation Methods 16 9.1 Disaster Recovery Overall Test Evaluation Requirements 16 9.2 Disaster Recovery Organizational Structure Test and Evaluation Methods 16 9.3 Disaster Recovery Planning, Design, Testing and Evaluation Methods 17 9.4 Disaster Recovery System and Center Construction Test and Evaluation Methods 24 9.5 Security Construction Test and Evaluation Methods for Disaster Recovery Systems 28 9.6 Disaster Recovery System Operation Management Test Evaluation Method 36 Appendix A (Normative) Disaster Recovery Capability Classification 42 A.1 Level 1 --- Basic Support 42 A.2 Level 2 --- Alternate Site Support 42 A.3 Level 3 - Electronic Transmission and Partial Equipment Support 43 A.4 Level 4 - Electronic Transmission and Complete Equipment Support 43 A.5 Level 5 - Real-time data transmission and complete device support 44 A.6 Level 6 --- Zero Data Loss and Remote Cluster Support 45 A.7 Disaster Recovery Capability Rating Principles 46 A.8 Disaster Recovery Center Level 46 Appendix B (Informative) Example of the relationship between RTO/RPO and disaster recovery capability level for a disaster recovery center in a certain city in a certain industry 47 Appendix C (Informative) Example of Classification of Information System Requirements for a Certain Industry 48 Appendix D (Informative) Cloud Computing Technology Disaster Recovery Service Example 49 Appendix E (Informative) Security Construction of Disaster Recovery System 51 E.1 Network Security Level Protection 51 E.2 Safety Management System 51 E.3 Security Management Architecture 51 E.4 Security Managers 51 E.5 Secure Communication Network 51 E.6 Secure Computing Environment 52 E.7 Safety Construction Management 52 E.8 Security Operation and Maintenance Management 52 E.9 Supply Chain Security 53 E.10 Data Security 53 Appendix F (Informative) Disaster Recovery Plan Framework 54 F.1 Objectives and scope54 F.2 Organization and Responsibilities 54 F.3 Contact and Communication 54 F.4 Emergency Response Process 54 F.5 Recovery and Resumption Process 55 F.6 Post-disaster reconstruction and recovery 55 F.7 Guarantee conditions of the plan 55 F.8 Plan Appendix 55 Reference 56 Preface This document is in accordance with the provisions of GB/T 1.1-2020 "Guidelines for standardization work Part 1.Structure and drafting rules for standardization documents" Drafting. This document replaces GB/T 20988-2007 "Information Security Technology Information System Disaster Recovery Specification" and GB/T 30285-2013 "Information Security Technology Disaster Recovery Center Construction and Operation and Maintenance Management Specification", compared with GB/T 20988-2007, in addition to structural adjustments and editing In addition to the functional changes, the main technical changes are as follows. a) The terms "disaster backup center" and "disaster backup system" and their definitions have been deleted (see 3.1 and 3.3 of the.2007 edition); b) Added the terms "disaster recovery system" and "disaster recovery center" and their definitions (see 3.17 and 3.19); c) Change the term "disaster recovery plan" to "disaster recovery plan" and the term "drill" to "emergency drill" (see 3.15, 3.11, 2007 edition, 3.11 and 3.13); d) Added "Disaster Recovery Lifecycle Concepts and Models" (see Chapter 4); e) Added "Organizational Structure for Disaster Recovery" (see Chapter 5); f) Modified "Disaster Recovery Planning and Design" and added content on "Cloud Disaster Recovery" (see Chapter 6, Chapter 6 of the.2007 edition); g) Modified "Disaster Recovery Strategy Implementation" and added "Disaster Recovery Plan Verification and Validation" and "Disaster Recovery Center Construction" Content (see Chapter 6, Chapter 7, Chapter 7 of the.2007 edition); h) Modified "Disaster Recovery Strategy Implementation" and added "Operation and Maintenance Management in the Disaster Recovery Lifecycle" (see Chapter 8,.2007 Chapter 7 of the.2011 edition); i) Added “Disaster Recovery Test Evaluation Method” (see Chapter 9); j) Change “data backup system” to “data backup and disaster recovery system” (see Appendix A, Appendix A of the.2007 edition); k) Added "Security Construction of Disaster Recovery System" (see Appendix E); l) Added “Disaster Recovery Plan Framework” (see Appendix F). Please note that some of the contents of this document may involve patents. The issuing organization of this document does not assume the responsibility for identifying patents. This document is proposed and coordinated by the National Cybersecurity Standardization Technical Committee (SAC/TC260). This document was drafted by. China Information Security Evaluation Center, Beijing Anxin Tianxing Technology Co., Ltd., Beijing University of Posts and Telecommunications, Huawei Technologies Co., Ltd. Co., Ltd., China Electronics Technology Standardization Institute, China Science and Technology Information Security Common Technology National Engineering Research Center Co., Ltd., Beijing Financial Information Information Chemistry Research Institute Co., Ltd., Hangzhou Meichuang Technology Co., Ltd., Alibaba (Beijing) Software Services Co., Ltd., Shenzhen Science and Technology Lirui Technology Co., Ltd., Education Management Information Center of the Ministry of Education, National Information Center, Aerospace Yixinzhi (Jiangsu) Information Technology Co., Ltd., Beijing Municipal Bureau of Economy and Information Technology Cybersecurity Management Center, Ministry of Public Security First Research Institute, Gansu Haifeng Information Technology Co., Ltd., China Information Communications Research Institute, Qi'anxin Technology Group Co., Ltd., Sangfor Technologies Co., Ltd., Guangdong Information Security Evaluation Center, Civil Aviation Administration of China Chengdu Electronic Technology Co., Ltd., Yunnan Power Grid Co., Ltd. Information Center, Anhui University of Science and Technology, China Internet Network Information Center, The Institute of Information Engineering of the Chinese Academy of Sciences, Capital Information Technology Development Co., Ltd., and Shanxi Electric Power Survey and Design Institute of China Energy Engineering Group have Limited Company. The main drafters of this document are. Sun Mingliang, Zhang Xiaofei, Chen Qingmin, Li Xiaoyong, Li Xiaocui, Wang Huili, Liu Xin, Yuan Jie, Deng Juan, Gu Yinhong, Hu Jianxun, Li Haipeng, Yang Xiaoping, Feng Xiukang, Yang Xi, Chen Yonggang, Hu Anlei, Yang Weiping, Wu Qiyue, Liao Yunhua, Hu Chuntao, Yu Zheng, Cheng Yingbo, Li Qiuxiang, Lu Li, Zheng Fang, Zhao Zengzhen, Liu Feng, Peng Hailong, Ma Duohe, Xiao Peng, Wang Wenjia, Ma Yong, Li Jingyi, Ma Guoliang, Cao Jing, Wang Yuying, Kang Nan, Chang Xinmiao, Cao Hao, Liu Bin, An Jincheng, and Jin Suo. The previous versions of this document and the documents it replaces are as follows. ---GB/T 20988, first issued in.2007; GB/T 30285, first issued in.2013; ---This is the first revision. Network security technology information system disaster recovery specification 1 Scope This document establishes the principles of information system disaster recovery, provides the information system disaster recovery life cycle, and stipulates the The basic requirements that should be followed for disaster recovery are described, and the disaster recovery capability classification and testing evaluation methods are described. This document is applicable to various organizations such as disaster recovery demanders, service providers and evaluators to carry out information system disaster recovery planning. Design, construction implementation and operation management, etc. 2 Normative references The contents of the following documents constitute the essential clauses of this document through normative references in this document. For referenced documents without a date, only the version corresponding to that date applies to this document; for referenced documents without a date, the latest version (including all amendments) applies to This document. GB/T 20984-2022 Information security technology - Information security risk assessment method GB/T 25069-2022 Information Security Technical Terminology GB 50174-2017 Data Center Design Specification 3 Terms and Definitions The terms and definitions defined in GB/T 25069-2022 and the following apply to this document. 3.1 Offsite storage The process of storing storage media at a physical location at a safe distance from the main center (3.21) 3.2 Resumption process of replacing a primary center (3.21) with a disaster recovery center (3.19) to support the resumption of critical business functions (3.3) 3.3 A service or function whose interruption for a sufficient period of time will significantly affect the operation of the organization. 3.4 The point in time to which the information used by an activity needs to be restored in order for it to resume operations. [Source. GB/T 25069-2022, 3.253] 3.5 The period of time between the occurrence of an incident and the completion of restoration of a product or service, activity, or resource. Note. For products, services and activities, the recovery time objective must be less than the negative impact that the organization cannot accept, such as the suspension of product or service supply or the inability to perform activities. The time required to impact. [Source. GB/T 25069-2022, 3.254]

Tips & Frequently Asked Questions:

Question 1: How long will the true-PDF of GB/T 20988-2025_English be delivered?

Answer: Upon your order, we will start to translate GB/T 20988-2025_English as soon as possible, and keep you informed of the progress. The lead time is typically 4 ~ 7 working days. The lengthier the document the longer the lead time.

Question 2: Can I share the purchased PDF of GB/T 20988-2025_English with my colleagues?

Answer: Yes. The purchased PDF of GB/T 20988-2025_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.

Question 3: Does the price include tax/VAT?

Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countries

Question 4: Do you accept my currency other than USD?

Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.

Question 5: Should I purchase the latest version GB/T 20988-2025?

Answer: Yes. Unless special scenarios such as technical constraints or academic study, you should always prioritize to purchase the latest version GB/T 20988-2025 even if the enforcement date is in future. Complying with the latest version means that, by default, it also complies with all the earlier versions, technically.